Showing results for 
Search instead for 
Did you mean: 

IETF X.509 Certificate Signature Collision Vulnerability on cisco asa

Level 7
Level 7

Hi Experts,

We have got an alert from our security team that one of our ASA which has the CA certficate for SSLVPN has the following vulnerability when they did the scan.

IETF X.509          Certificate Signature Collision Vulnerability.
I have searched in web and i couldn't find a proper solution. Can any one help how to make this solved.
As per the info in the other forumn we need to make SHA instead of MD5 for this certificate. But am not really sure how to make that. Since this is in the production environment.
we have the local trust certficate pointed for that SSL vpn.
Thanks in advance folks.
1 Reply 1

There is nothing you can do on your ASA. The signature in question is applied by the CA onto the ID-certificate. You need to change your CA and choose a vendor that cares about security.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: